From: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
To: Krzysztof Karas <krzysztof.karas@intel.com>
Cc: <igt-dev@lists.freedesktop.org>,
<kamil.konieczny@linux.intel.com>, <andi.shyti@linux.intel.com>,
<krzysztof.niemiec@intel.com>
Subject: Re: [PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations()
Date: Wed, 18 Jun 2025 11:51:18 +0000 [thread overview]
Message-ID: <DAPMY7MM04R3.OWBQC9Z8G12F@intel.com> (raw)
In-Reply-To: <pljh6w3ikkehzyhdwvey4277vklqffg5dfledtm3hcuoer6hzt@atyhhoyamrjm>
Hi Krzysztof,
On Wed Jun 18, 2025 at 11:39 AM UTC, Krzysztof Karas wrote:
> Hi Sebastian,
>
>> Fix a general protection fault in igt@gem_exec_big@single caused by
>> passing a non-canonical address via relocs_ptr. The test previously
>> used a stack-allocated relocation entry, which resulted in an invalid
>> pointer being passed to the kernel, triggering a crash.
> Did this happen as a result using freed heap allocated data?
The issue was triggered while attempting to access memory.
Just wrong pointer.
>
>>
>> This patch replaces the stack-allocated `reloc` with a NULL pointer,
>> ensuring the kernel correctly interprets the absence of relocations and
>> avoids undefined behavior.
>>
>> A corresponding kernel patch to sanitize user input for relocs_ptr has
>> been submitted to the i915 mailing list to further harden the interface.
> I noticed that the mentioned patch has been met with some
> pushback from the community. If you believe it is required on
> the i915 side and worth mentioning here, then please move this
> note into the section below "---". Otherwise, please remove
> that part.
a
Sure, gonna do this in v2.
--
Best regards,
Sebastian
next prev parent reply other threads:[~2025-06-18 11:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-16 14:26 [PATCH i-g-t] lib/i915: Avoid non-canonical address dereference in gem_has_relocations() Sebastian Brzezinka
2025-06-16 23:26 ` ✓ Xe.CI.BAT: success for " Patchwork
2025-06-17 7:24 ` ✓ Xe.CI.Full: " Patchwork
2025-06-17 13:37 ` ✗ i915.CI.BAT: failure " Patchwork
2025-06-18 11:39 ` [PATCH i-g-t] " Krzysztof Karas
2025-06-18 11:51 ` Sebastian Brzezinka [this message]
2025-06-23 17:43 ` Kamil Konieczny
2025-06-18 15:10 ` Kamil Konieczny
2025-06-23 14:33 ` Sebastian Brzezinka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DAPMY7MM04R3.OWBQC9Z8G12F@intel.com \
--to=sebastian.brzezinka@intel.com \
--cc=andi.shyti@linux.intel.com \
--cc=igt-dev@lists.freedesktop.org \
--cc=kamil.konieczny@linux.intel.com \
--cc=krzysztof.karas@intel.com \
--cc=krzysztof.niemiec@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox